Specific roles are a role type whose permissions are not automatically applied to objects in Micetro. They’re intended to allow managing access on a per-object basis.
To create a Specific role, follow the instructions on Roles, and uncheck the General checkbox in the role creation dialog. (The default value is checked.)
Example: The specific role example.com editor has the Edit zone options permission enabled. No ‘DNS zone’ type object in Micetro, whether already existing or added in the future, will be accessible to users/groups attached to this role unless the role is specifically added to that object.
Specific roles are only intended for edge use cases, and should not be regarded as the preferred method of access control in Micetro.
Using specific roles
Access defined through specific roles isn’t applied until explicitly configured on objects.
To use a Specific role and control access to an object:
1. Open the context (DNS or IPAM) and select the object to which you’d like to restrict access.
   Using specific roles on an object is only possible individually, per object.
2. Use the Access action from the top bar or the ellipsis menu.
3. On the top of the dialog, remove all unneeded General roles and/or users (legacy only) configured.
4. On the bottom of the dialog, search for the Specific role and click + Add.
This will restrict access to that particular object to the selected users/groups assigned to the Specific role.
Adding a specific role to an object may not take effect if permissions are missing on parent objects. Micetro calculates the necessary permissions and can automatically add them to the relevant objects.
A notification will display on the Save comment dialog, detailing the additional changes. If the user doesn’t have the necessary access to set permissions of these objects, an advisory will display.
General roles can be restricted from accessing single objects. See Object access.